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DETAILED ACTION 
Summary 

On November 3, 2006, an Office Action was sent to the Applicant rejecting 
claims 1-10. On January 2, 2007, the Applicant responded with arguments. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-10 are rejected under 35 U.S.C. 102(e) as being anticipated by Stoltz 
(2003/0125997). 

Stoltz discloses a method for risk assessment comprising creating a 
questionnaire containing a series of questions for prompting a user to supply 
information segmented according to risk areas, wherein the risk areas encompass 
categories of potential losses including legal and technological exposures in business 
practice, operational procedures, historical experience, compliance with regulations, 
and external threats including infrastructure failures and third party actions, providing a 
data store for recording data identifying user responses to the questions; programming 
a series of scoring rules containing an algorithm whereby the user responses are 
interpreted as indicating a predetermined level of risk at least as to categories of said 



Application/Control Number: 10/035,890 Page 3 

Art Unit: 3691 

potential losses and exposures, presenting the questionnaire to a user and collecting 
the user responses in the data store, processing the user responses through the scoring 
rules and the algorithm to generate a report identifying risk levels according to the risk 
areas (p.1, 11 to p.2, 17; p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 to 9.6, 105); storing a 
series of recommendations associated with the risk areas, selecting among the 
recommendations as a function of at least one of the user responses and the risk levels 
identified by said processing step, and presenting selected ones of the 
recommendations in the report (p.1, 1 1 to p.2, 17; p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 
to 9.6, 105); creating a database and storing the questions and the user responses for a 
plurality of users for comparison in risk assessments of future users (p.1, 11 to p.2, 17; 
p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 to 9.6, 105); one of segmenting of the 
risk areas, creating the questionnaire and composing the algorithm comprises reliance 
on available data and judgment of professionals skilled in the risk areas (p.1 , 1 1 to p.2, 
17; p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 to 9.6, 105); the risks comprise at least one of 
risk of potential loss or exposure due to computational deficiency, denial of service, 
security breach, violation of legal regulations, violation of established law, tortious 
conduct, contractual breach, insufficient capacity to meet contractual obligations, breach 
of commitment of confidentiality, violation of intellectual property rights, and failure to 
adhere to multi-jurisdictional differences in regulations (p.1, 11 to p.2, 17; p.2, 28 to p.3, 
52; p.4, 54; and p.5, 67 to 9.6, 105); the risks are selected from the group consisting of 
risk of potential loss or exposure due to computational deficiency, denial of service, 
security breach, violation of legal regulations, violation of established law, tortious 
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conduct, contractual breach, insufficient capacity to meet contractual obligations, breach 
of commitment of confidentiality, violation of intellectual property rights, and failure to 
adhere to multi-jurisdictional differences in regulations (p.1, 11 to p.2, 17; p.2, 28 to p.3, 
52; p.4, 54; and p. 5, 67 to 9.6, 105); the risks consist of risk of potential a-claim loss or 
exposure due to computational deficiency, denial of service, security breach, violation of 
legal regulations, violation of established law, tortious conduct, contractual breach, 
insufficient capacity to meet contractual obligations, breach of commitment of 
confidentiality, violation of intellectual property rights, and failure to adhere to multi- 
jurisdictional differences in regulations (p.1, 11 to p.2, 17; p.2, 28 to p.3, 52; p.4, 54; and 
p.5, 67 to 9.6, 105); questionnaire requires selection among a limited set of possible 
answers and the algorithm quantifies risk based on each possible answer (p.1 , 1 1 to 
p.2, 17; p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 to 9.6, 105); the questionnaire requires 
selection among yes/no and numeric answers (p.1, 11 to p.2, 17; p.2, 28 to p.3, 52; p.4, 
54; and p.5, 67 to 9.6, 105); and the questionnaire permits at least one of a missing 
answer and an answer indicating a lack of information, and wherein the algorithm 
assesses the risk levels as a function of said one of a missing answer and said lack of 
information (p.1, 11 to p.2, 17; p.2, 28 to p.3, 52; p.4, 54; and p.5, 67 to 9.6, 105). 

Response to Arguments 
Applicant's arguments with respect to claims 1-10 have been considered but are 
moot in view of the new ground(s) of rejection. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Lalita M. Hamilton whose telephone number is (571) 

272- 6743. The examiner can normally be reached on Tuesday-Thursday (6:30-2:30). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kalinowski Alexander can be reached on (571) 272-6771 . The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




